Description:
A vulnerability was reported in WebsiteBaker. A remote user can inject SQL commands.

The 'account/signup.php' script does not properly validate user-supplied input in the 'username' and 'display_name' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Marek Alaksa of Citadelo reported this vulnerability.

Impact:
A remote user can execute SQL commands on the underlying database.
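
The class of flaw described for the 'username' and 'display_name' parameters, shown next to a hardened form, as an added example that is not WebsiteBaker's code. The `users` table, its columns, both function names and the validation limits are assumptions made for illustration, and an in-memory SQLite database (PHP's pdo_sqlite extension) stands in for the real one.

```php
<?php
// Added illustration, not WebsiteBaker source. Table, columns, function
// names and validation limits are assumed; sqlite::memory: is a stand-in DB.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT UNIQUE, display_name TEXT)');

// Pattern the advisory describes: request values are concatenated into the
// statement text, so the database parses them as part of the SQL.
function signup_concatenated(PDO $pdo, string $username, string $displayName): void
{
    $pdo->exec("INSERT INTO users (username, display_name) "
             . "VALUES ('$username', '$displayName')");
}

// Hardened form: allow-list validation first, then a prepared statement whose
// values are bound as data and never become part of the statement text.
function signup_parameterized(PDO $pdo, string $username, string $displayName): void
{
    if (!preg_match('/\A[a-z0-9_.-]{3,30}\z/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    if ($displayName === '' || strlen($displayName) > 255
        || preg_match('/[\x00-\x1f]/', $displayName)) {
        throw new InvalidArgumentException('invalid display name');
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, display_name) VALUES (?, ?)');
    $stmt->execute([$username, $displayName]);
}

// Constructed input: an ordinary name that happens to contain a quote.
$name = "Miles O'Brien";

try {
    signup_concatenated($pdo, 'miles', $name);
    echo "concatenated: stored\n";
} catch (PDOException $e) {
    // The quote closed the string literal early and the remainder was parsed
    // as SQL: proof that user input reaches the SQL parser.
    echo "concatenated: statement broke on user input\n";
}

signup_parameterized($pdo, 'miles', $name);
$stored = $pdo->query('SELECT display_name FROM users')->fetchColumn();
echo "parameterized: stored [$stored]\n";
```

A signup form that returns a database error for a name containing a quote is a quick indicator of the concatenated pattern; the bound-parameter form stores the same value unchanged.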